Patents by Inventor I-Lung Kao
I-Lung Kao has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10726141
Abstract: Proposed is a Capability Management System (CMS) in a distributed computing environment that controls access to multiple objects by multiple subjects based upon a specified access order. A capability is dynamically constructed when the capability is needed. After the capability is used to access an object, a new capability is generated. In the alternative, multiple capabilities for enforcing an access order are generated independently of each other. The new capability is then employed by the same or another subject to access the object according to a prescribed access sequence. In this manner, at any particular time there is one capability valid to access the object by the appropriate subject. In addition, the capability includes information for verifying the authenticity of the capability and for specifying an expiration time associated with the capability. The technology may also be enhanced by providing a linkage between capabilities intended for use in a sequence.
Type: Grant
Filed: December 5, 2017
Date of Patent: July 28, 2020
Assignee: International Business Machines Corporation
Inventor: I-Lung Kao
-
Publication number: 20180101690
Abstract: Proposed is a Capability Management System (CMS) in a distributed computing environment that controls access to multiple objects by multiple subjects based upon a specified access order. A capability is dynamically constructed when the capability is needed. After the capability is used to access an object, a new capability is generated. In the alternative, multiple capabilities for enforcing an access order are generated independently of each other. The new capability is then employed by the same or another subject to access the object according to a prescribed access sequence. In this manner, at any particular time there is one capability valid to access the object by the appropriate subject. In addition, the capability includes information for verifying the authenticity of the capability and for specifying an expiration time associated with the capability. The technology may also be enhanced by providing a linkage between capabilities intended for use in a sequence.
Type: Application
Filed: December 5, 2017
Publication date: April 12, 2018
Applicant: International Business Machines Corporation
Inventor: I-Lung Kao
-
Patent number: 9886588
Abstract: Proposed is a Capability Management System (CMS) in a distributed computing environment that controls access to multiple objects by multiple subjects based upon a specified access order. A capability is dynamically constructed when the capability is needed. After the capability is used to access an object, a new capability is generated. In the alternative, multiple capabilities for enforcing an access order are generated independently of each other. The new capability is then employed by the same or another subject to access the object according to a prescribed access sequence. In this manner, at any particular time there is one capability valid to access the object by the appropriate subject. In addition, the capability includes information for verifying the authenticity of the capability and for specifying an expiration time associated with the capability. The technology may also be enhanced by providing a linkage between capabilities intended for use in a sequence.
Type: Grant
Filed: April 8, 2014
Date of Patent: February 6, 2018
Assignee: International Business Machines Corporation
Inventor: I-Lung Kao
-
Patent number: 9104776
Abstract: A computer-implemented method, computer program product, and apparatus for identity mapping with self-correction for cascaded server systems is provided. A request to perform a business transaction is received. Responsive to performing a first server process of the business transaction, the servers necessary to perform the business transaction are identified, forming a set of identified servers. A user identity is retrieved for each server in the set of identified servers, wherein the user identity for each server in the set of identified servers is linked to a user registry of a server, forming a set of linked user identities. A data structure comprising the set of linked user identities is created. A user identity for a next server in the set of identified servers is retrieved from the data structure. In addition, the data structure is forwarded to a next server in the set of identified servers.
Type: Grant
Filed: July 15, 2008
Date of Patent: August 11, 2015
Assignee: International Business Machines Corporation
Inventor: I-Lung Kao
-
Patent number: 8904359
Abstract: A method, system, and computer usable program product for on-demand monitoring of memory usage are provided in the illustrative embodiments. An indication of a memory leak in an application is detected where the application is operating in a data processing system and using a memory associated with the data processing system. An instruction to begin monitoring a memory usage of the application is received responsive to the detection. Responsive to receiving the instruction to begin, the memory usage of the application is monitored. An instruction to dump a data related to the monitoring is received and the data is dumped. An instruction to end the monitoring is received and the monitoring is ended. The detecting, the beginning, the dumping, and the ending may occur while the application remains in operation and while the application uses the memory. The memory leak is confirmed using the data.
Type: Grant
Filed: March 6, 2008
Date of Patent: December 2, 2014
Assignee: International Business Machines Corporation
Inventors: I-Lung Kao, Frances L. Chang
-
Publication number: 20140223508
Abstract: Proposed is a Capability Management System (CMS) in a distributed computing environment that controls access to multiple objects by multiple subjects based upon a specified access order. A capability is dynamically constructed when the capability is needed. After the capability is used to access an object, a new capability is generated. In the alternative, multiple capabilities for enforcing an access order are generated independently of each other. The new capability is then employed by the same or another subject to access the object according to a prescribed access sequence. In this manner, at any particular time there is one capability valid to access the object by the appropriate subject. In addition, the capability includes information for verifying the authenticity of the capability and for specifying an expiration time associated with the capability. The technology may also be enhanced by providing a linkage between capabilities intended for use in a sequence.
Type: Application
Filed: April 8, 2014
Publication date: August 7, 2014
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: I-Lung Kao
-
Patent number: 8695088
Abstract: Proposed is a Capability Management System (CMS) in a distributed computing environment that controls access to multiple objects by multiple subjects based upon a specified access order. A capability is dynamically constructed when the capability is needed. After the capability is used to access an object, a new capability is generated. In the alternative, multiple capabilities for enforcing an access order are generated independently of each other. The new capability is then employed by the same or another subject to access the object according to a prescribed access sequence. In this manner, at any particular time there is one capability valid to access the object by the appropriate subject. In addition, the capability includes information for verifying the authenticity of the capability and for specifying an expiration time associated with the capability. The technology may also be enhanced by providing a linkage between capabilities intended for use in a sequence.
Type: Grant
Filed: May 8, 2012
Date of Patent: April 8, 2014
Assignee: International Business Machines Corporation
Inventor: I-Lung Kao
-
Patent number: 8495730
Abstract: Proposed is a Capability Management System (CMS) in a distributed computing environment that controls access to multiple objects by multiple subjects based upon a specified access order. A capability is dynamically constructed when the capability is needed. After the capability is used to access an object, a new capability is generated. In the alternative, multiple capabilities for enforcing an access order are generated independently of each other. The new capability is then employed by the same or another subject to access the object according to a prescribed access sequence. In this manner, at any particular time there is one capability valid to access the object by the appropriate subject. In addition, the capability includes information for verifying the authenticity of the capability and for specifying an expiration time associated with the capability. The technology may also be enhanced by providing a linkage between capabilities intended for use in a sequence.
Type: Grant
Filed: October 12, 2009
Date of Patent: July 23, 2013
Assignee: International Business Machines Corporation
Inventor: I-Lung Kao
-
Patent number: 8296820
Abstract: Techniques are disclosed for attaching security policies to secured computing systems. A security policy is attached to a parent domain. The parent domain includes a first secured computing system. The security policy is a natural language description for controlling access to the secured computing system. Upon determining that the parent domain propagates the security policy, a first generation child domain is identified. The first generation child domain includes a second secured computing system. The first generation child domain is associated with the parent domain in a hierarchical relationship. It is determined that the first generation child domain inherits the security policy based on an inheritance rule. The security policy is attached to the first generation child domain.
Type: Grant
Filed: January 18, 2008
Date of Patent: October 23, 2012
Assignee: International Business Machines Corporation
Inventors: I-Lung Kao, Daniel Paul Kolz
-
Patent number: 8290955
Abstract: Embodiments of the invention are generally related to data security, and more specifically to data classification. The nodes of a hierarchical data structure may be displayed in a graphical user interface (GUI). The GUI may be configured to receive selection of a data classification type. Upon receiving a selection of a data classification type, a probability of a node containing data objects that may be classified as the selected data classification type may be displayed adjacent to the node, thereby allowing efficient location and classification of the data objects.
Type: Grant
Filed: September 18, 2008
Date of Patent: October 16, 2012
Assignee: International Business Machines Corporation
Inventors: I-Lung Kao, Daniel P Kolz
-
Publication number: 20120227083
Abstract: Proposed is a Capability Management System (CMS) in a distributed computing environment that controls access to multiple objects by multiple subjects based upon a specified access order. A capability is dynamically constructed when the capability is needed. After the capability is used to access an object, a new capability is generated. In the alternative, multiple capabilities for enforcing an access order are generated independently of each other. The new capability is then employed by the same or another subject to access the object according to a prescribed access sequence. In this manner, at any particular time there is one capability valid to access the object by the appropriate subject. In addition, the capability includes information for verifying the authenticity of the capability and for specifying an expiration time associated with the capability. The technology may also be enhanced by providing a linkage between capabilities intended for use in a sequence.
Type: Application
Filed: May 8, 2012
Publication date: September 6, 2012
Applicant: International Business Machines Corporation
Inventor: I-Lung Kao
-
Patent number: 8214832
Abstract: A technique for implementing separation of duties for transactions includes determining a current task assignment number of an entity. The technique also includes determining whether the entity can perform a new task based upon the current task assignment number and a task transaction number (which is based on at least one prime number) assigned to the new task.
Type: Grant
Filed: September 19, 2007
Date of Patent: July 3, 2012
Assignee: International Business Machines Corporation
Inventor: I-Lung Kao
-
Publication number: 20110088079
Abstract: Proposed is a Capability Management System (CMS) in a distributed computing environment that controls access to multiple objects by multiple subjects based upon a specified access order. A capability is dynamically constructed when the capability is needed. After the capability is used to access an object, a new capability is generated. In the alternative, multiple capabilities for enforcing an access order are generated independently of each other. The new capability is then employed by the same or another subject to access the object according to a prescribed access sequence. In this manner, at any particular time there is one capability valid to access the object by the appropriate subject. In addition, the capability includes information for verifying the authenticity of the capability and for specifying an expiration time associated with the capability. The technology may also be enhanced by providing a linkage between capabilities intended for use in a sequence.
Type: Application
Filed: October 12, 2009
Publication date: April 14, 2011
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: I-Lung Kao
-
Publication number: 20100070505
Abstract: Embodiments of the invention are generally related to data security, and more specifically to data classification. The nodes of a hierarchical data structure may be displayed in a graphical user interface (GUI). The GUI may be configured to receive selection of a data classification type. Upon receiving a selection of a data classification type, a probability of a node containing data objects that may be classified as the selected data classification type may be displayed adjacent to the node, thereby allowing efficient location and classification of the data objects.
Type: Application
Filed: September 18, 2008
Publication date: March 18, 2010
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: I-Lung Kao, Daniel P. Kolz
-
Publication number: 20100017425
Abstract: A computer-implemented method, computer program product, and apparatus for identity mapping with self-correction for cascaded server systems is provided. A request to perform a business transaction is received. Responsive to performing a first server process of the business transaction, the servers necessary to perform the business transaction are identified, forming a set of identified servers. A user identity is retrieved for each server in the set of identified servers, wherein the user identity for each server in the set of identified servers is linked to a user registry of a server, forming a set of linked user identities. A data structure comprising the set of linked user identities is created. A user identity for a next server in the set of identified servers is retrieved from the data structure. In addition, the data structure is forwarded to a next server in the set of identified servers.
Type: Application
Filed: July 15, 2008
Publication date: January 21, 2010
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: I-Lung Kao
-
Publication number: 20090228870
Abstract: A method, system, and computer usable program product for on-demand monitoring of memory usage are provided in the illustrative embodiments. An indication of a memory leak in an application is detected where the application is operating in a data processing system and using a memory associated with the data processing system. An instruction to begin monitoring a memory usage of the application is received responsive to the detection. Responsive to receiving the instruction to begin, the memory usage of the application is monitored. An instruction to dump a data related to the monitoring is received and the data is dumped. An instruction to end the monitoring is received and the monitoring is ended. The detecting, the beginning, the dumping, and the ending may occur while the application remains in operation and while the application uses the memory. The memory leak is confirmed using the data.
Type: Application
Filed: March 6, 2008
Publication date: September 10, 2009
Applicant: International Business Machines Corporation
Inventors: I-Lung KAO, Frances L. Chang
-
Publication number: 20090187964
Abstract: A method and apparatus for attaching security policies to secured computing systems is provided. A security policy is attached to a parent domain. The parent domain includes a first secured computing system. The security policy is a natural language description for controlling access to the secured computing system. Upon determining that the parent domain propagates the security policy, a first generation child domain is identified. The first generation child domain includes a second secured computing system. The first generation child domain is associated with the parent domain in a hierarchical relationship. It is determined that the first generation child domain inherits the security policy based on an inheritance rule. The security policy is attached to the first generation child domain.
Type: Application
Filed: January 18, 2008
Publication date: July 23, 2009
Inventors: I-Lung Kao, Daniel Paul Kolz
-
Publication number: 20090132266
Abstract: A method, system, and computer program product for using weighted condition primitives to facilitate the description of a business policy for providing a web service to a user. When a set of facts associated with a user requesting a web service is obtained, an evaluation of each weighted condition primitive in a business policy is performed using the set of facts. A weight value assigned to a result of the evaluation of each weighted condition primitive is identified, and a total weight value of the identified weight values is calculated. The total weight value is then compared against a pre-defined business weight threshold condition. If the total weight value satisfies the pre-defined business weight threshold condition, the web service is provided to the user. If the total weight value does not satisfy the pre-defined business weight threshold condition, the request by the user for the web service is denied.
Type: Application
Filed: November 19, 2007
Publication date: May 21, 2009
Inventors: I-Lung Kao, Dah-Haur Lin
-
Publication number: 20090077555
Abstract: A technique for implementing separation of duties for transactions includes determining a current task assignment number of an entity. The technique also includes determining whether the entity can perform a new task based upon the current task assignment number and a task transaction number (which is based on at least one prime number) assigned to the new task.
Type: Application
Filed: September 19, 2007
Publication date: March 19, 2009
Inventor: I-Lung Kao
-
Patent number: 7451147
Abstract: A method in a data processing system for providing security to target passwords in a global sign on system centralized database. In a preferred embodiment, a target password is received by the global sign on system. The target password is encrypted in a user selected encryption manner to create an encrypted password. The encrypted password and an indication of encryption manner chosen is then stored in the centralized database.
Type: Grant
Filed: November 18, 1999
Date of Patent: November 11, 2008
Assignee: International Business Machines Corporation
Inventors: I-Lung Kao, Shaw-Ben Shepherd Shi